On Sat, Jun 13, 2015 at 4:32 PM, Juliusz Chroboczek <[email protected]> wrote: >> and then I go looking for the main babeld repo and spot this, which has >> socket control of conf stuff... >> http://git.erp5.org/repos/babeld.git > > > http://mid.gmane.org/<[email protected]> > http://mid.gmane.org/<[email protected]>
your links got mangled, but the email addy of the first was enough to find the relevant posts. I grok your analysis. :) It would be nice to more dynamically configure babel in the long run via appropriate means. whilst I am parsing the -g output... (which is not needed for what I describe below) I am kind of seeking ways to secure the perimeter of the network better than I currently do, with the pending ipv6 rollout of highly dynamic ipv6 addresses. One thought I'd had was to feed the known-to-igp routes into a ipset rule so I could only allow ssh from those ranges and a carefully added set of management networks outside the perimeter[1] for while I am away (right now I use the tinc vpn for this, and plan to only allow ssh from the vpn). tinc and babel seem compatible in switched, but not routed, mode. When routed there are several pita things about it, thus far. [1] this of course does not prevent a rogue router from messing up life internally, but I do like at least slowing down attempts over ipv6 to mess up my world. -- Dave Täht What will it take to vastly improve wifi for everyone? https://plus.google.com/u/0/explore/makewififast _______________________________________________ Babel-users mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/babel-users
